… for their static IOCs (indicators of compromise): Better yet, you can generically detect WireLurker or other persistent malware using launchd and the following scheduled query, which will keep track of new, unique additions to your infrastructure: This method has the distinct advantage of detecting malicious applications like WireLurker based…